f:\HaoZip1.7\rczip1.7.3612.chs\trunk\bin\win32\release\pdb\HaoZip.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: 36bc710004af46f9200e59c784a30859_JaffaCakes118.exe, Resource: win7-20241010-en)
Behavioral task: behavioral2 (Sample: 36bc710004af46f9200e59c784a30859_JaffaCakes118.exe, Resource: win10v2004-20241007-en)
General
Target: 36bc710004af46f9200e59c784a30859_JaffaCakes118
Size: 1.9MB
MD5: 36bc710004af46f9200e59c784a30859
SHA1: 254b04d1e0e57e936b40868cc9df10170fe18b7d
SHA256: e139ff911c61d5e705989b7db282dcaca51daf39c9e4ae63e53e95fd30ae1035
SHA512: 64103f010ebedd48c24109fb978bbb69405340ff226544e9b49abf32455ca565f5e181b3d845f509cb0399a1df03df64a516aab74d8a986993f70ee8907a81bf
SSDEEP: 49152:pMi1E1Ez/tjSHSlFnLbWy6pddV9VyCcWa6XF53eJ/j6aMPjbzyLMpl/AZ9:pMiLz/lSylFnLbWyuc36XF53eJ/j6fjm
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 36bc710004af46f9200e59c784a30859_JaffaCakes118
Files
36bc710004af46f9200e59c784a30859_JaffaCakes118.exe (windows:4 windows x86 arch:x86)
  5bbfe1863ee6aa9ceacee3e1f0a50e39
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths: f:\HaoZip1.7\rczip1.7.3612.chs\trunk\bin\win32\release\pdb\HaoZip.pdb
Imports
kernel32
FormatMessageW
GetACP
MultiByteToWideChar
WideCharToMultiByte
GetSystemTime
DosDateTimeToFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
ResumeThread
SetEndOfFile
SetFileTime
WriteFile
GetFileSize
SetFilePointer
ReadFile
VirtualFree
VirtualAlloc
ReleaseMutex
CreateMutexW
SetFileAttributesW
GetLongPathNameW
SearchPathW
GetTempPathW
GetFullPathNameW
GetWindowsDirectoryW
GetTempFileNameW
MoveFileExW
lstrcatW
GetLocalTime
GetComputerNameW
GetVersionExW
LockResource
LoadResource
ExpandEnvironmentStringsW
GetPrivateProfileStringW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenEventW
GetLogicalDriveStringsW
GetVolumeInformationW
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
EnumResourceLanguagesW
EndUpdateResourceW
BeginUpdateResourceW
UpdateResourceW
FreeResource
SizeofResource
FindResourceExW
EnumResourceNamesW
EnumResourceTypesW
GetSystemDefaultLangID
WritePrivateProfileStringW
LoadLibraryExW
GetModuleFileNameW
FindResourceW
GetCurrentProcessId
GetProcessTimes
FileTimeToLocalFileTime
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetThreadLocale
GetLocaleInfoA
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
Sleep
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
TerminateThread
WaitForSingleObject
GlobalSize
InterlockedDecrement
InterlockedIncrement
GetDriveTypeW
GetFileTime
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetTickCount
LoadLibraryA
DeleteCriticalSection
InitializeCriticalSection
LocalFree
LocalAlloc
MoveFileW
RemoveDirectoryW
FindNextFileW
CreateDirectoryW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
CompareStringW
lstrcmpiW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
RaiseException
FlushInstructionCache
GetCurrentThreadId
GetCurrentProcess
SetLastError
SetCurrentDirectoryW
DeleteFileW
FindCloseChangeNotification
FindFirstChangeNotificationW
LeaveCriticalSection
EnterCriticalSection
GetLastError
CreateFileW
FindClose
FindFirstFileW
CreateEventW
SetEvent
CloseHandle
WaitForMultipleObjects
InterlockedExchange
GetCurrentDirectoryW
SetErrorMode
CopyFileW
GetModuleHandleW
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
CreateFileMappingW
FileTimeToSystemTime
user32
SetCursor
LoadCursorW
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
wsprintfW
TrackPopupMenu
GetMessageW
TranslateMessage
UnregisterClassA
DispatchMessageW
IsDialogMessageW
IsRectEmpty
GetMenuItemRect
SetMenuItemInfoW
CheckMenuItem
GetMenuState
ExitWindowsEx
MessageBoxW
ShowCursor
SetWindowPlacement
GetWindowPlacement
CopyRect
GetIconInfo
CopyIcon
CreateIconIndirect
DeleteMenu
GetScrollInfo
ScrollWindowEx
IsMenu
SetScrollPos
GetSysColorBrush
SetScrollInfo
ClientToScreen
TrackPopupMenuEx
InsertMenuItemW
DrawStateW
GetMenuItemInfoW
GetSubMenu
DrawIconEx
GetMenuItemCount
DrawFrameControl
InflateRect
GetClassInfoExW
RegisterClassExW
CheckDlgButton
MessageBeep
GetDlgItemInt
SetDlgItemInt
CheckRadioButton
MonitorFromPoint
GetMonitorInfoW
GetCursor
EnableMenuItem
GetTopWindow
SetDlgItemTextW
LoadStringW
EnumWindows
IsChild
GetSystemMetrics
SetParent
WindowFromPoint
SetTimer
KillTimer
GetWindowThreadProcessId
FindWindowExW
GetWindowDC
EqualRect
LoadBitmapW
GetClassLongW
MoveWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClassW
RegisterClipboardFormatW
SetClipboardData
EmptyClipboard
SetCapture
CallWindowProcW
DefWindowProcW
EndPaint
BeginPaint
SetRectEmpty
GetCursorPos
PtInRect
GetDlgCtrlID
GetFocus
ReleaseCapture
DrawFocusRect
FillRect
GetCapture
DestroyWindow
OffsetRect
GetClientRect
CharNextW
GetWindowTextW
GetWindow
DrawTextW
GetWindowTextLengthW
MapWindowPoints
SetWindowPos
GetPropW
SystemParametersInfoW
SetPropW
GetParent
CreateWindowExW
ScreenToClient
RedrawWindow
IsWindowEnabled
EndDialog
DialogBoxParamW
UpdateWindow
SetFocus
EnableWindow
CreateDialogParamW
SetWindowLongW
PostQuitMessage
GetWindowRect
IsWindowVisible
GetWindowLongW
InvalidateRect
LoadImageW
GetActiveWindow
GetMenu
ReleaseDC
GetDC
DestroyMenu
SetMenu
GetClipboardData
CloseClipboard
DrawTextExW
GetDesktopWindow
OpenClipboard
GetClassNameW
DestroyIcon
LoadIconW
GetSysColor
SendMessageW
AppendMenuW
CreatePopupMenu
CreateMenu
GetKeyState
BringWindowToTop
SetForegroundWindow
ShowWindow
IsIconic
IsWindow
PostMessageW
PostThreadMessageW
gdi32
SetROP2
BitBlt
CreatePatternBrush
Rectangle
LineTo
DeleteObject
MoveToEx
SetBkMode
CreateFontIndirectW
SetPixel
Ellipse
GetPixel
ExcludeClipRect
GetClipBox
TextOutW
EndPath
BeginPath
FillPath
GetBkColor
CreatePen
CreateCompatibleBitmap
PathToRegion
SetViewportOrgEx
GetTextMetricsW
GetTextExtentPoint32W
CreateSolidBrush
CreateBitmap
PatBlt
GetStockObject
GetObjectW
StretchBlt
SelectObject
ExtTextOutW
SetBkColor
CreateCompatibleDC
DeleteDC
SetTextColor
comdlg32
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
ChooseFontW
advapi32
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
shell32
ShellExecuteW
DragQueryFileW
SHFileOperationW
SHGetDesktopFolder
ord28
ord74
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoW
DragFinish
SHChangeNotify
FindExecutableW
ShellExecuteExW
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
RegisterDragDrop
CoCreateInstance
OleRun
CoInitialize
CoUninitialize
ReleaseStgMedium
RevokeDragDrop
DoDragDrop
oleaut32
GetErrorInfo
VariantClear
shlwapi
AssocQueryStringW
SHAutoComplete
PathIsRelativeW
StrRetToBufW
msimg32
TransparentBlt
msvcr80
_wfopen_s
fread
strcpy_s
_wcsnicmp
_rotl
_localtime64_s
toupper
fputc
fsetpos
iswpunct
fclose
fwrite
ungetc
fgetc
fseek
setvbuf
fflush
iswascii
ispunct
fgetpos
_recalloc
sprintf_s
memmove
srand
rand
swprintf_s
_wrename
towlower
_vsnwprintf_s
towupper
_errno
__RTDynamicCast
_mktime64
_wtoi64
wcscmp
_wtof
_snwprintf
abs
wcsstr
memcmp
wcscpy
strcpy
free
_wtoi
malloc
wcscpy_s
_purecall
wcscat
wcsncpy_s
_beginthreadex
_waccess
_endthreadex
wcsncmp
memchr
feof
_wchmod
_CxxThrowException
__CxxFrameHandler3
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
_calloc_crt
setlocale
islower
__uncaught_exception
_invoke_watson
_fsopen
wcstombs_s
_wfsopen
_get_osplatform
abort
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_time64
strlen
_itow
??0exception@std@@QAE@XZ
swscanf
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_wcsupr
_fileno
__iob_func
_isatty
sscanf
memcpy
memset
??_V@YAXPAX@Z
memcpy_s
_wcsicmp
wcsrchr
_vswprintf
wcschr
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
wcslen
wcsncpy
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
memmove_s
??3@YAXPAX@Z
comctl32
ImageList_Add
ImageList_GetIconSize
DestroyPropertySheetPage
CreatePropertySheetPageW
CreateStatusWindowW
InitCommonControlsEx
_TrackMouseEvent
PropertySheetW
ImageList_GetIcon
ImageList_GetImageCount
ImageList_LoadImageW
ord8
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Destroy
ImageList_Create
ImageList_SetBkColor
ImageList_Draw
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text   Size: 1.4MB - Virtual size: 1.4MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 246KB - Virtual size: 246KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 31KB - Virtual size: 35KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 43KB - Virtual size: 43KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tc     Size: 246KB - Virtual size: 248KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE